Coco is a Siamese cat that lives in Washington, D.C. with his owner Nancy. One day, after taking a few naps, Coco decided to go on a journey. He went wandering around his suburban neighborhood, and spent three hours exploring nearby backyards. He did some hunting, and eventually killed a mouse whose corpse was thoughtfully brought home to his octogenarian owner as a gift.
However, while Coco was out, he also mapped dozens of his neighbors’ Wi-Fi networks, identifying four routers that used an old, easily broken form of encryption and another four that were left entirely unprotected. Coco was in fact wearing a collar created by Nancy’s granddaughter’s husband, security researcher Gene Bransfield.
Bransfield had built into the collar that Coco was wearing, a Spark Core chip loaded with his custom-coded firmware, a Wi-Fi card, a tiny GPS module and a battery. The assembled device allowed him to map all the networks in the neighborhood that would be vulnerable to any intruder or Wi-Fi mooch with some simple crypto-cracking tools. Bransfield also explained that if the owner gets nervous that the cat might get caught, the GPS device can also be used to find the cat and retrieve it. According to Wired the method is called “wardriving”, and it involves scouring multiple networks to see how secure they are. The device, which was introduced by Bransfield last August at the DEF CON hacker conference in Las Vegas as the “WarKitteh” collar, was built for less than $100, and turns any outdoor cat into a Wi-Fi-sniffing hacker accomplice.
Despite the title of his DEF CON talk “How To Weaponize Your Pets”, and the fact that anyone could easily mimic his device, Bransfield admits that WarKitteh does not represent an actual security threat. What was actually impressing for Bransfield was the high number of networks tracked by his data-collecting cat that used WEP, a form of wireless encryption known for more than 10 years to be easily broken. In a little over three hours, Coco revealed 23 Wi-Fi hotspots, more than a third of which were open to snoops or used crackable WEP instead of the more modern WPA encryption. Later, Bransfield mapped those networks using Google Earth’s API.
The number of vulnerable access points surprised Bransfield, and several of the WEP connections were Verizon FiOS routers left with their default settings unchanged. Even though Bransfield admits that his cat stunt was mostly a form of personal entertainment, he hopes that it might make more users aware regarding possible privacy issues. If a cat can break into someone's weak home Wi-Fi network, they should perhaps consider upgrading the security on their network to make it less accessible to hackers.
I could not have written this article without the help of the following sources: